-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sftp-int.c | 49 |
2 files changed, 38 insertions, 17 deletions
@@ -15,6 +15,10 @@ | |||
15 | - deraadt@cvs.openbsd.org 2003/07/18 01:54:25 | 15 | - deraadt@cvs.openbsd.org 2003/07/18 01:54:25 |
16 | [scp.c] | 16 | [scp.c] |
17 | userid is unsigned, but well, force it anyways; andrushock@korovino.net | 17 | userid is unsigned, but well, force it anyways; andrushock@korovino.net |
18 | - djm@cvs.openbsd.org 2003/07/19 00:45:53 | ||
19 | [sftp-int.c] | ||
20 | fix sftp filename parsing for arguments with escaped quotes. bz #517; | ||
21 | ok markus | ||
18 | 22 | ||
19 | 20030714 | 23 | 20030714 |
20 | - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare | 24 | - (dtucker) [acconfig.h configure.ac port-aix.c] Older AIXes don't declare |
@@ -711,4 +715,4 @@ | |||
711 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 715 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
712 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 716 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
713 | 717 | ||
714 | $Id: ChangeLog,v 1.2861 2003/07/19 10:07:45 dtucker Exp $ | 718 | $Id: ChangeLog,v 1.2862 2003/07/19 10:09:21 dtucker Exp $ |
diff --git a/sftp-int.c b/sftp-int.c index f2d3f9468..73653b7e0 100644 --- a/sftp-int.c +++ b/sftp-int.c | |||
@@ -25,7 +25,7 @@ | |||
25 | /* XXX: recursive operations */ | 25 | /* XXX: recursive operations */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: sftp-int.c,v 1.60 2003/05/15 03:43:59 mouring Exp $"); | 28 | RCSID("$OpenBSD: sftp-int.c,v 1.61 2003/07/19 00:45:53 djm Exp $"); |
29 | 29 | ||
30 | #include "buffer.h" | 30 | #include "buffer.h" |
31 | #include "xmalloc.h" | 31 | #include "xmalloc.h" |
@@ -332,7 +332,7 @@ get_pathname(const char **cpp, char **path) | |||
332 | { | 332 | { |
333 | const char *cp = *cpp, *end; | 333 | const char *cp = *cpp, *end; |
334 | char quot; | 334 | char quot; |
335 | int i; | 335 | int i, j; |
336 | 336 | ||
337 | cp += strspn(cp, WHITESPACE); | 337 | cp += strspn(cp, WHITESPACE); |
338 | if (!*cp) { | 338 | if (!*cp) { |
@@ -341,37 +341,54 @@ get_pathname(const char **cpp, char **path) | |||
341 | return (0); | 341 | return (0); |
342 | } | 342 | } |
343 | 343 | ||
344 | *path = xmalloc(strlen(cp) + 1); | ||
345 | |||
344 | /* Check for quoted filenames */ | 346 | /* Check for quoted filenames */ |
345 | if (*cp == '\"' || *cp == '\'') { | 347 | if (*cp == '\"' || *cp == '\'') { |
346 | quot = *cp++; | 348 | quot = *cp++; |
347 | 349 | ||
348 | end = strchr(cp, quot); | 350 | /* Search for terminating quote, unescape some chars */ |
349 | if (end == NULL) { | 351 | for (i = j = 0; i <= strlen(cp); i++) { |
350 | error("Unterminated quote"); | 352 | if (cp[i] == quot) { /* Found quote */ |
351 | goto fail; | 353 | (*path)[j] = '\0'; |
354 | break; | ||
355 | } | ||
356 | if (cp[i] == '\0') { /* End of string */ | ||
357 | error("Unterminated quote"); | ||
358 | goto fail; | ||
359 | } | ||
360 | if (cp[i] == '\\') { /* Escaped characters */ | ||
361 | i++; | ||
362 | if (cp[i] != '\'' && cp[i] != '\"' && | ||
363 | cp[i] != '\\') { | ||
364 | error("Bad escaped character '\%c'", | ||
365 | cp[i]); | ||
366 | goto fail; | ||
367 | } | ||
368 | } | ||
369 | (*path)[j++] = cp[i]; | ||
352 | } | 370 | } |
353 | if (cp == end) { | 371 | |
372 | if (j == 0) { | ||
354 | error("Empty quotes"); | 373 | error("Empty quotes"); |
355 | goto fail; | 374 | goto fail; |
356 | } | 375 | } |
357 | *cpp = end + 1 + strspn(end + 1, WHITESPACE); | 376 | *cpp = cp + i + strspn(cp + i, WHITESPACE); |
358 | } else { | 377 | } else { |
359 | /* Read to end of filename */ | 378 | /* Read to end of filename */ |
360 | end = strpbrk(cp, WHITESPACE); | 379 | end = strpbrk(cp, WHITESPACE); |
361 | if (end == NULL) | 380 | if (end == NULL) |
362 | end = strchr(cp, '\0'); | 381 | end = strchr(cp, '\0'); |
363 | *cpp = end + strspn(end, WHITESPACE); | 382 | *cpp = end + strspn(end, WHITESPACE); |
364 | } | ||
365 | |||
366 | i = end - cp; | ||
367 | 383 | ||
368 | *path = xmalloc(i + 1); | 384 | memcpy(*path, cp, end - cp); |
369 | memcpy(*path, cp, i); | 385 | (*path)[end - cp] = '\0'; |
370 | (*path)[i] = '\0'; | 386 | } |
371 | return(0); | 387 | return (0); |
372 | 388 | ||
373 | fail: | 389 | fail: |
374 | *path = NULL; | 390 | xfree(*path); |
391 | *path = NULL; | ||
375 | return (-1); | 392 | return (-1); |
376 | } | 393 | } |
377 | 394 | ||
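Review bot: In the quoted branch of get_pathname, `*cpp = cp + i + strspn(cp + i, WHITESPACE);` leaves `*cpp` on the closing quote instead of past it, because the loop breaks with `cp[i] == quot` and strspn() of a quote character against WHITESPACE returns 0; the removed code advanced with `end + 1`. A later parse of the remaining arguments would then start at that quote and most likely treat it as the opening of a new quoted string, so the line should read `*cpp = cp + i + 1 + strspn(cp + i + 1, WHITESPACE);`. Separately, the loop condition `i <= strlen(cp)` rescans the string on every iteration and compares an int with a size_t; the explicit `cp[i] == '\0'` check already terminates the scan, so `for (i = j = 0; ; i++)` would be enough. Lines 339-340 of the function fall between the two hunks and are not visible here.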